We have been waiting to post this for weeks. It is not because we are playing hard to get; we just wanted to see how far we could go 🙂
Let’s contextualize. When we conceived our proposal, we reasoned as follows:
- In several situations, the reading of a sensor can be enough evidence to prove something. Taking location as an example, this could be useful if:
  - A person wants to prove that he/she was in a certain place at a given time.
  - A delivery person must bring a package to an address.
  - A worker must be in an area for a period of time.
- If someone wants to use a reading as evidence of a fact, he/she should be the one detected. The reason is very simple. False readings can be generated:
  - A child who plays truant from school.
  - A delivery person who sets a fake GPS location.
  - A worker who wants to pretend that he/she worked more than he/she actually did.
- For the same reason, detections should not be used as accusatory evidence:
  - A person can simulate that another person was in a restricted area.
  - A person can simulate that another person was in a place to deny that he/she could be elsewhere.
  - A person could use a stolen device to commit any felony.
  - A person could use a modified device to impersonate another person.
- In addition, the absence of detections should not be used as accusatory evidence either, since the readings could be deliberately omitted:
  - A person does not want to register the delivery person who goes to his/her home.
  - A company does not register an action of its clients to cancel any of their rights.
- To be able to use a reading as evidence for a third party, it should be recorded in a way that ensures that:
  - The authentication of the sender of the message can be checked.
  - The message is registered when it occurs.
  - The message cannot be modified.
  - The message cannot be repudiated.
Before explaining our approach we would like to make a small point. Our starting point was: let’s use IoT as evidence to prove facts. We believe that extreme generalizations are extremely bad, and we are convinced that the reader can come up with several solutions to the above problems. We did not want to propose anything that seemed like a good idea but in practice would not work at all. Why is our proposal a Trusted IPS for Nursing Homes? Because we believe it is useful and we can deal with the above problems in this area.
We believe that the best scenarios to deploy a proposal are those in which the following requirements are maximized:
- The detected one obtains benefits:
  - Direct: He/she can prove a fact.
  - Indirect: The processing of data provides some benefits (emergency attention, customized care, …).
- The detector obtains benefits:
  - Direct: Location of workers, logistics optimization, sale of data, …
  - Indirect: Transparency policies, analytics, …
- The detected one should not be interested in cheating the system.
- The detector should not be interested in cheating the system.
How do these requirements fit with a nursing home?
Residents and their relatives can obtain great benefits:
- Guarantee of adequate attention.
- Help in emergency situations.
- Behavioral study for the early detection of diseases (degree of mobility, level of physical exercise, sociability, dementia, Alzheimer, …).
The owners and staff of the nursing home can also obtain great benefits:
- If one of your loved ones must be admitted to a nursing home and you must choose one, how would you rate one that offers you a guarantee of the care of its residents and gives you a mechanism to enforce your rights?
- Location of residents.
- Location of staff.
- Process automation.
Interest in cheating by the detected
This requirement is the most complex to maximize because necessity is the mother of invention, and we know that some people may try to cheat the system to obtain other benefits (better care, financial compensation, etc.).
However, we must understand that the value of the data is proportional to the security policies implemented. The reading of an isolated detection sensor should not have the same value as that of a set of them following a sequence, plus an NFC reading, plus … To clarify, we do not encourage using 20 different types of sensors; we encourage establishing the mechanisms necessary to avoid fraudulent use of the system.
We know that our proposal suffers from not addressing this point with the necessary depth. This is due to two reasons: i) only the analysis of the necessary security policies could take months and ii) without analyzing the day-to-day in a nursing home we are not qualified to do so. For our proposal we ‘only’ use BLE Beacons for the reasons mentioned here.
On the other hand, we would like to highlight that we think it would be relatively easy to convince residents to carry a beacon with them because many of them already carry a device of similar size to call emergency services (or why not, improve the current devices).
Interest in cheating by the detector
Here the question to be asked should be: What is better for the nursing home? That it can modify the data, or that it can guarantee that it cannot modify the data? For us there is no doubt that the second is much more beneficial, both from the ethical and from the economic point of view. And how can they give this guarantee? We can think of two ways to do it:
- Using an intermediary. An outside company hired by the nursing home (could be you 🙂 ) would be responsible for recording the readings and ensuring they are real.
- Storing the data in a blockchain.
This part has given us more headaches than any other since the technology used is more complex and abstract. When the challenge began, our knowledge of the blockchain was basic. After a few months experimenting with this technology we feel that we still know very little, but at least we have unlearned some misconceptions. Our vision of the blockchain is that:
- Forget the money! The most outstanding feature of the blockchain is that it allows us to decentralize trust. Obviously this is ideal for monetary operations so we believe that the association Blockchain=Money will prevail for a long time.
- Integrity and non-repudiation are guaranteed by design.
- IoT and blockchain combine perfectly.
- There is a lot of misinformation. Many people still underestimate the blockchain and many others overestimate what can be done in its current phase.
- Smart contracts will be the trigger for the use of the blockchain in all areas, though we believe not in the current conception of smart contracts.
When you start to study the blockchain, the first thing you should do is not to think about it as a whole, since there are multiple proposals that experiment with multiple concepts. There are public, private and hybrid blockchains, with or without support for smart contracts, for general use or for niches, based on mining, pre-mined, …
In our case, after analyzing several blockchains we decided to use IOTA since it allows us to i) store data, ii) with no fees, iii) quickly. We are not going to talk much about IOTA, since the only thing we would do would be to paraphrase its website. But we would like to encourage you to investigate it since, for us, it is the blockchain with the best future prospects.
We only use IOTA to store locations, which we will delve into in our next post. To understand how we do it, we must understand that:
- We talk about IOTA as a blockchain, but IOTA is blockless and is based on the tangle.
- A transaction validates two previous transactions. Thanks to this, there is no place for miners, nor for fees. It is possible to make transactions with zero value.
- If a transaction has no value, it is not necessary to prove that we own the private key corresponding to the address that generates the transaction.
- If it is not necessary to prove that you own the private key, you can use the field for the signature of the message to store any other data: in our case, messages with the location that we have previously signed with PGP and, if necessary, encrypted with AES.
The way in which we use IOTA to store locations allows us to guarantee that:
- The locations are stored in a distributed ledger and it is not possible to block access to them.
- A message cannot be repudiated.
- It is not possible to modify or remove registered locations.
- It is not possible to add past information that can be trusted. The timestamp of the location and the timestamp of the IOTA transaction will determine whether the message should be trusted or not.
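The last guarantee is a check that a verifier has to run over every stored reading. The sketch below is an added example, not Jura's code: it rejects readings whose signature fails or whose claimed time is far from the ledger's attachment time. The field names, the two thresholds and the sample values are assumptions, and HMAC-SHA256 stands in for the PGP signature so that it runs with the standard library only.

```python
import hashlib
import hmac
import json

MAX_DELAY_S = 300       # assumed policy: longest gap allowed between reading and attachment
MAX_CLOCK_SKEW_S = 30   # assumed tolerance for a sensor clock running ahead of the ledger

def sign(key: bytes, body: dict) -> str:
    """Stand-in for the PGP signature: HMAC-SHA256 over canonical JSON.
    A shared-key MAC gives integrity but not non-repudiation; PGP gives both."""
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()

def assess(record: dict, attached_at: int, key: bytes) -> str:
    """Classify one stored reading against the ledger's attachment timestamp."""
    body, sig = record.get("body"), record.get("sig")
    if not isinstance(body, dict) or not isinstance(sig, str):
        return "malformed"
    if not isinstance(body.get("ts"), int):
        return "malformed"
    # Verify the signature first: an unsigned timestamp proves nothing.
    if not hmac.compare_digest(sign(key, body).encode(), sig.encode()):
        return "bad-signature"
    delta = attached_at - body["ts"]
    if delta < -MAX_CLOCK_SKEW_S:
        return "future-dated"   # reading claims a time after it was attached
    if delta > MAX_DELAY_S:
        return "backdated"      # "past information" added long after the fact
    return "trusted"

def demo() -> dict:
    """Constructed sample data: one reading judged under four conditions."""
    key = b"constructed-demo-key"
    body = {"beacon": "resident-17", "room": "dining-hall", "ts": 1_700_000_000}
    rec = {"body": body, "sig": sign(key, body)}
    moved = {"body": {**body, "room": "bedroom-4"}, "sig": rec["sig"]}
    return {
        "prompt": assess(rec, 1_700_000_020, key),      # attached 20 s later
        "late": assess(rec, 1_700_086_400, key),        # attached a day later
        "tampered": assess(moved, 1_700_000_020, key),  # body changed after signing
        "ahead": assess(rec, 1_699_999_000, key),       # attached before claimed time
    }

if __name__ == "__main__":
    print(demo())
```

The attachment timestamp passed to `assess` must come from the ledger, never from the record itself, otherwise the sender controls both sides of the comparison.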
As we have anticipated, in the next post we will present the last feature of Jura and we will explain exactly how we do the above.
We would like to finish this post highlighting that in our proposal we only use a minimum part of what IOTA offers. Once we have the data in the tangle, i) why not sell them?, ii) why not offer a better service on demand?, iii) why not use them to build an oracle for a smart contract?, iv) thinking about IOTA snapshots, why not deploy a permanode that allows access to the data under a freemium model?